IP Tables by example

24th February 2011, by admin

I have created a LAN between a Windows host and an Ubuntu VM guest. The IP address of the VM is 192.168.56.101 and that of the host is 192.168.56.1. (Note that both addresses must be in the same subnet for the two machines to reach each other directly over the LAN.)

Iptables is a user-space program that lets a system administrator configure the tables provided by the Linux kernel firewall (implemented as Netfilter modules) and the chains and rules they hold. The rules live in kernel memory; iptables only edits them.

For help on iptables, type man iptables.

(Screenshot: the iptables man page)

I have installed an FTP server and the OpenSSH server on the Linux VM, so before any iptables rules are applied both services are reachable from the host:

(Screenshot: PuTTY connected to the OpenSSH server on the VM)

BEFORE CREATING NEW IPTABLES RULES, FLUSH THE OLD RULES

(Screenshot: flushing the existing rules)

Flushing removes the rules but leaves each chain's default policy untouched. If a chain's policy is DROP, flushing on a remote machine cuts off your own access the moment the ACCEPT rules disappear, so set the policies to ACCEPT first when you are logged in over the network.

The iptables --list command (equivalently -L) shows the rules in each chain; add -n to skip reverse DNS lookups, which otherwise make the listing slow when name resolution is blocked.

IPTABLES RULES EXAMPLES

1> iptables -I INPUT -p tcp --dport 22 -j REJECT

This rejects all packets from any source to TCP port 22 (the SSH server). -I inserts the rule at the top of the INPUT chain, so it is evaluated before any existing rule. REJECT answers each packet with an error (by default an ICMP port-unreachable), so the client fails immediately rather than timing out. For this example I installed the OpenSSH server.

2> iptables -I INPUT -s 192.168.56.1 -p tcp --dport 21 -j DROP

This drops all packets from source 192.168.56.1 to TCP port 21 (the FTP control port). Unlike REJECT, DROP silently discards the packet and sends nothing back, so the client sees only a timeout. For this example I installed the wu-ftpd server.

3> iptables -I INPUT -s 192.168.56.1 -p icmp -j DROP

This drops all ICMP from source 192.168.56.1, which includes the echo requests sent by ping. Note that the rule is broader than ping: it also discards any ICMP error messages that source sends, such as destination-unreachable, so narrow it with --icmp-type echo-request if blocking ping is all you want.

(Screenshot: nmap scan after the rules were added)

After creating the iptables rules and running an nmap scan against localhost on the VM, we find that SSH (22) is no longer reported as open: it is blocked by the firewall because of the rule "iptables -I INPUT -p tcp --dport 22 -j REJECT".

Because that rule has no -s source match, the port is blocked for every source, including the VM itself.

If we now connect to the OpenSSH server from 192.168.56.1 with PuTTY, the connection fails immediately, because the port is rejected.

Similarly, pinging 192.168.56.101 from the host no longer works; since the ICMP rule uses DROP rather than REJECT, ping simply times out instead of reporting an error.

Iptables rules exist only in kernel memory and are lost at reboot; they are not written to disk automatically. On Ubuntu the usual convention is to save them to /etc/iptables.up.rules with iptables-save and to load that file again at boot with iptables-restore.

To delete a rule, repeat exactly the same command with the -D switch in place of -I; the match and target must be identical to the rule that was added.
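The three rules above, together with the flush, check, delete and save steps, as one re-runnable script. This is an added example, not code from the original post. Beyond what the post shows it assumes: an IPT variable so that IPT=echo sh fw.sh apply prints the commands instead of running them (the variable names, the PEER/SAVEFILE overrides and the subcommand names are mine); a lockout guard that sets ACCEPT policies before flushing; loopback and ESTABLISHED,RELATED ACCEPT rules, which the post does not have; and the ICMP rule narrowed to echo-request. Run it as root on the VM.

```shell
#!/bin/sh
# Added example (not from the original post): the post's rules as a
# re-runnable firewall script. Everything not in the post is an
# assumption: IPT/IPT_SAVE overrides, PEER/SAVEFILE overrides, the
# policy-reset lockout guard and the loopback/conntrack ACCEPT rules.
set -eu

IPT="${IPT:-iptables}"                          # IPT=echo for a dry run
IPT_SAVE="${IPT_SAVE:-iptables-save}"
PEER="${PEER:-192.168.56.1}"                    # Windows host, from the post
SAVEFILE="${SAVEFILE:-/etc/iptables.up.rules}"  # path named in the post

# One rule per line: "<chain> <match...> <target>". $PEER expands here.
rule_list() {
    cat <<EOF
INPUT -i lo -j ACCEPT
INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
INPUT -p tcp --dport 22 -j REJECT
INPUT -s $PEER -p tcp --dport 21 -j DROP
INPUT -s $PEER -p icmp --icmp-type echo-request -j DROP
EOF
}

# Flush safely. "iptables -F" alone keeps whatever default policy each
# chain had; with a DROP policy that locks you out of a remote machine
# the instant the ACCEPT rules vanish, so set ACCEPT policies first.
reset_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" ACCEPT
    done
    $IPT -F
    $IPT -X
}

# After a flush, appending (-A) in listed order is equivalent to the
# post's -I (insert at top) and keeps "iptables -L" readable.
# $rest is deliberately unquoted so it splits into separate arguments.
apply_rules() {
    reset_rules
    rule_list | while read -r chain rest; do
        $IPT -A "$chain" $rest
    done
}

# Same rule spec with -D instead of -I/-A deletes it (the post's point).
remove_rules() {
    rule_list | while read -r chain rest; do
        $IPT -D "$chain" $rest || echo "not present: -A $chain $rest"
    done
}

# "iptables -C" exits 0 if an identical rule exists. The exit inside the
# pipeline makes check_rules return non-zero if any rule is missing.
check_rules() {
    rule_list | while read -r chain rest; do
        if $IPT -C "$chain" $rest 2>/dev/null; then
            echo "present: -A $chain $rest"
        else
            echo "MISSING: -A $chain $rest"
            exit 1
        fi
    done
}

# -n skips DNS lookups, -v shows packet/byte counters, --line-numbers
# gives the index usable with "iptables -D INPUT <n>".
show_rules() {
    $IPT -L INPUT -n -v --line-numbers
}

# Rules live only in kernel memory and vanish at reboot. Save them to the
# file the post names; restore with "iptables-restore < $SAVEFILE" from a
# boot hook (on Ubuntu of that era commonly /etc/network/if-pre-up.d).
save_rules() {
    $IPT_SAVE > "$SAVEFILE"
}

case "${1:-}" in
    apply)  apply_rules ;;
    remove) remove_rules ;;
    check)  check_rules ;;
    show)   show_rules ;;
    save)   save_rules ;;
    *)      echo "usage: $0 apply|remove|check|show|save" ;;
esac
```

Usage: sh fw.sh apply, then sh fw.sh check to confirm every rule is present, sh fw.sh show to see counters climbing as the host retries, and sh fw.sh save once you are happy. The conntrack ACCEPT rule sits before the REJECT/DROP rules so that replies to connections the VM itself opens are not caught by them.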

Tools to configure iptables:

1> Knetfilter

2> Webmin
